87,400 patients PHI exposed in a phishing attack
Union Labor Life Insurance (ULLI), the subsidiary of Ullico Inc., is notifying over 87,000 plan members that a few of their PHI (Protected Health Information) has been exposed when an employee has responded to one phishing email.
As often happens in the case of healthcare phishing attacks, that phishing email looks realistic and appeared as genuine request from one trustworthy business partner. According to officials, the phishing email contained a malicious link to an apparent genuine file sharing site that asked the employee to enter the login credentials, once the malicious link was clicked. As soon as the employee entered his/her login credentials in that fraudulent link, the hacker has collected that information and then was successful in accessing the email account of that employee having a number of sensitive information.
ULLI had systems through which the IT department gets alerted about the unauthorized access. As a result, the IT department has blocked the third-party access to that compromised email account within 90min. of the account getting compromised on Apr. 1, 2019, and also disconnected that device from network. The quick action significantly limited the possibility of accessing or theft of the protected health information that was contained in the emails as well as email attachments.
A forensic analysis was conducted by ULLI, which determined that the access has been limited to a solitary email account on only one device. The investigation also determined that the compromised email account, its attachments and archived folders contain PHI of the plan members.
Although the investigation has not found any evidence to suggest that the patient information has been accessed or stolen, possibility of that cannot be denied with a high amount of certainty.
The PHI that was possibly compromised has been limited to plan member names, dates of birth, addresses, Social Security numbers, as well as some personal health information of the plan members along with their family members.
All affected individuals will get 24 months of free identity theft protection and credit monitoring services from ULLI as a precautionary measure.
As per the breach report that was submitted to Department of Health and Human Services' Office for Civil Rights, around 87,400 patients were affected by this breach.
» SPAMfighter News - 7/2/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!